Splunk Search

New to Splunk and its alternatives

xracerx
New Member

Hi there,

How is it possible to analyze Windows logs, Lotus Notes files and sample SAP log files in the system? The purpose is to review admin and activity logs for privileges in the system.

Are there other alternatives like Sawmill, and what can they do?

Any advice is much appreciated.


splunker12er
Motivator

To analyze Windows logs, I would suggest you install the 'Splunk universal forwarder' (http://www.splunk.com/en_us/download/universal-forwarder.html#); choose your OS version and type appropriately.

Continue the installation, and it prompts you to monitor several logs, files, etc.

Configuration, installation, forwarding, receiving, docs - FYR:

http://docs.splunk.com/Documentation/Splunk/6.2.3/Forwarding/Setupforwardingandreceiving
http://docs.splunk.com/Documentation/Splunk/6.2.3/Forwarding/Configureforwarderswithoutputs.confd
http://docs.splunk.com/Documentation/Splunk/6.2.3/Updating/Exampleaddaninputtoforwarders

xracerx
New Member

Hi,

To be exact, I am trying to analyze this type of log file (File Server & Windows CPRS Log):

Level   Date and Time   Source  Event ID    Task Category
Information 10-Feb-15 11:02:17 AM   Microsoft-Windows-Security-Auditing 4780    User Account Management "The ACL was set on accounts which are members of administrators groups.


Subject:
    Security ID:        ANONYMOUS LOGON
    Account Name:       ANONYMOUS LOGON
    Account Domain:     NT AUTHORITY
    Logon ID:       0x3e6

Target Account:
    Security ID:        CISCODOMAIN\IS Account Operators
    Account Name:       IS Account Operators
    Account Domain:     DC=ciscodomain,DC=local

Any advice?

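As an added illustration (not code from the thread or from Splunk), here is a small parser for the exported Event Viewer row shown above, assuming the header columns are tab-separated and the message body uses the indented "Section:" / "Key: Value" layout of the 4780 record. It pulls out the header fields and the Subject / Target Account blocks so the privilege change can be reviewed as structured fields; the sample record is constructed to match the post.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the Event ID 4780 record pasted in the thread.
SAMPLE_EVENT = """\
Information\t10-Feb-15 11:02:17 AM\tMicrosoft-Windows-Security-Auditing\t4780\tUser Account Management\t"The ACL was set on accounts which are members of administrators groups.

Subject:
\tSecurity ID:\t\tANONYMOUS LOGON
\tAccount Name:\t\tANONYMOUS LOGON
\tAccount Domain:\t\tNT AUTHORITY
\tLogon ID:\t\t0x3e6

Target Account:
\tSecurity ID:\t\tCISCODOMAIN\\IS Account Operators
\tAccount Name:\t\tIS Account Operators
\tAccount Domain:\t\tDC=ciscodomain,DC=local
"
"""

HEADER_FIELDS = ("Level", "DateTime", "Source", "EventID", "TaskCategory", "Message")

def parse_event(text):
    """Split one exported Event Viewer row into header fields plus the
    indented Section/Key/Value blocks of the message body (assumed layout)."""
    first, _, body = text.partition("\n")
    parts = first.split("\t", 5)
    if len(parts) != 6:
        raise ValueError("expected 6 tab-separated header columns")
    event = dict(zip(HEADER_FIELDS, parts))
    event["Message"] = event["Message"].lstrip('"')
    event["EventID"] = int(event["EventID"])
    event["DateTime"] = datetime.strptime(event["DateTime"], "%d-%b-%y %I:%M:%S %p")
    sections, current = {}, None
    for line in body.splitlines():
        if not line.strip() or line.strip() == '"':
            continue  # blank line or the closing quote of the message column
        if not line.startswith(("\t", " ")) and line.rstrip().endswith(":"):
            current = line.strip()[:-1]  # new section, e.g. "Subject"
            sections[current] = {}
            continue
        m = re.match(r"\s+([^:]+):\s*(.*)$", line)  # indented "Key: Value"
        if m and current is not None:
            sections[current][m.group(1).strip()] = m.group(2).strip()
    event["Sections"] = sections
    return event

def summarize_4780(event):
    """Return (who made the change, which account was affected) for a 4780 record."""
    if event["EventID"] != 4780:
        return None
    subj = event["Sections"].get("Subject", {})
    tgt = event["Sections"].get("Target Account", {})
    return (f'{subj.get("Account Domain")}\\{subj.get("Account Name")}', tgt.get("Security ID"))
```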